1. Field of the Invention
This invention relates to implementing public key infrastructure (PKI) in wireless networks, for example but not limited to IEEE 802.11 networks.
2. Related Art
Public key encryption uses a pair of keys, one public and one private, to protect data and information from unauthorized access. Data or information encrypted with the public key can be decrypted only with the corresponding private key. In addition, public key encryption can be used to authenticate devices and/or parties involved in a communication.
One issue in public key encryption is verifying that a public key is authentic, that is it has not been tampered with or replaced by a malicious third party. A public key infrastructure can be used to address this issue. In a public key infrastructure, one or more trusted certification authorities (CAs) certify ownership of key pair (i.e., a public key and its associated private key). Once trusted, encryption and authentication using that key pair can be trusted.
FIG. 2 shows this arrangement in the context of a convention wireless network (e.g., a conventional IEEE 802.11 network): In this arrangement, wireless devices (not shown) communicate with access points (AP1, AP2, . . . APN) 20, 21 and 22, which in turn communicate with controller 24. The controller provides access to another network such as a VPN, Intranet, the Internet, the World Wide Web, or the like (not shown). XYZ certification authority 26 issues certificates 28, 29, 30 and 31 that certify ownership of key pairs, as described above.
One problem with this arrangement is that the controller does not have complete control over the certification process. In particular, XYZ certification authority 26 has control of the certificates used in the process (XYZ denoting a third party who owns/controls the certification authority). Another problem is that an infrastructure must be put in place to support the external certification authority.